package com.google.firebase.auth;

import com.google.api.client.auth.openidconnect.IdTokenVerifier;
import com.google.api.client.googleapis.auth.oauth2.GooglePublicKeysManager;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.client.util.Clock;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableList;
import com.google.firebase.FirebaseApp;
import com.google.firebase.FirebaseOptions;
import com.google.firebase.ImplFirebaseTrampolines;
import com.google.firebase.auth.internal.CryptoSigners;
import com.google.firebase.auth.internal.FirebaseTokenFactory;
import java.io.IOException;

/* loaded from: input_file:com/google/firebase/auth/FirebaseTokenUtils.class */
final class FirebaseTokenUtils {
    private static final String ID_TOKEN_CERT_URL = "https://www.googleapis.com/robot/v1/metadata/x509/securetoken@system.gserviceaccount.com";
    private static final String ID_TOKEN_ISSUER_PREFIX = "https://securetoken.google.com/";
    private static final String SESSION_COOKIE_CERT_URL = "https://www.googleapis.com/identitytoolkit/v3/relyingparty/publicKeys";
    private static final String SESSION_COOKIE_ISSUER_PREFIX = "https://session.firebase.google.com/";
    static final JsonFactory UNQUOTED_CTRL_CHAR_JSON_FACTORY = new GsonFactory();

    private FirebaseTokenUtils() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static FirebaseTokenFactory createTokenFactory(FirebaseApp firebaseApp, Clock clock) {
        try {
            return new FirebaseTokenFactory(firebaseApp.getOptions().getJsonFactory(), clock, CryptoSigners.getCryptoSigner(firebaseApp));
        } catch (IOException e) {
            throw new IllegalStateException("Failed to initialize FirebaseTokenFactory. Make sure to initialize the SDK with service account credentials or specify a service account ID with iam.serviceAccounts.signBlob permission. Please refer to https://firebase.google.com/docs/auth/admin/create-custom-tokens for more details on creating custom tokens.", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static FirebaseTokenVerifierImpl createIdTokenVerifier(FirebaseApp firebaseApp, Clock clock) {
        String projectId = ImplFirebaseTrampolines.getProjectId(firebaseApp);
        Preconditions.checkState(!Strings.isNullOrEmpty(projectId), "Must initialize FirebaseApp with a project ID to call verifyIdToken()");
        return FirebaseTokenVerifierImpl.builder().setShortName("ID token").setMethod("verifyIdToken()").setDocUrl("https://firebase.google.com/docs/auth/admin/verify-id-tokens").setJsonFactory(firebaseApp.getOptions().getJsonFactory()).setPublicKeysManager(newPublicKeysManager(firebaseApp.getOptions(), clock, ID_TOKEN_CERT_URL)).setIdTokenVerifier(newIdTokenVerifier(clock, ID_TOKEN_ISSUER_PREFIX, projectId)).build();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static FirebaseTokenVerifierImpl createSessionCookieVerifier(FirebaseApp firebaseApp, Clock clock) {
        String projectId = ImplFirebaseTrampolines.getProjectId(firebaseApp);
        Preconditions.checkState(!Strings.isNullOrEmpty(projectId), "Must initialize FirebaseApp with a project ID to call verifySessionCookie()");
        return FirebaseTokenVerifierImpl.builder().setJsonFactory(firebaseApp.getOptions().getJsonFactory()).setPublicKeysManager(newPublicKeysManager(firebaseApp.getOptions(), clock, SESSION_COOKIE_CERT_URL)).setIdTokenVerifier(newIdTokenVerifier(clock, SESSION_COOKIE_ISSUER_PREFIX, projectId)).setShortName("session cookie").setMethod("verifySessionCookie()").setDocUrl("https://firebase.google.com/docs/auth/admin/manage-cookies").build();
    }

    private static GooglePublicKeysManager newPublicKeysManager(FirebaseOptions firebaseOptions, Clock clock, String str) {
        return new GooglePublicKeysManager.Builder(firebaseOptions.getHttpTransport(), UNQUOTED_CTRL_CHAR_JSON_FACTORY).setClock(clock).setPublicCertsEncodedUrl(str).build();
    }

    private static IdTokenVerifier newIdTokenVerifier(Clock clock, String str, String str2) {
        return new IdTokenVerifier.Builder().setClock(clock).setAudience(ImmutableList.of(str2)).setIssuer(str + str2).build();
    }
}
